Introduction to Web Server Attacks | Penetration Testing

Set -1

Most organizations believe their web presence to be an expansion of themselves. Associations make their web presence on the World Wide Web utilizing websites related to their organizations. Web servers are a basic part of the web framework. A solitary weakness in web server arrangement may prompt security to penetrate on websites. This makes web server security basic to the typical working of an association. A web server is a PC framework that stores, cycles, and conveys web pages to worldwide customers by means of HTTP convention. All in all, a customer starts the correspondence cycle through HTTP demands.

Components of a Web Server:

• Document Root: Document root is one of the web server’s root record registries that store basic HTML documents identified with the web pages of an area name that will serve because of the solicitations. For instance, if the mentioned URL is www.xyz.com and the document root is named as certroot and is put away in/administrator/web catalog, at that point/administrator/web/certroot is the document index address.
• Server Root: It is the high-level root catalog under the registry tree in which the server’s setup and blunder, executable, and log documents are put away. It comprises of the code that actualizes the server. The server root, as a rule, comprises four documents where one field is devoted to the code that actualizes the server and the other three are sub-directories, to be specific, — conf, — logs utilized for arrangement data, store logs separately.
• Virtual Document Tree: It gives stockpiling on an alternate machine or a circle after the first plate is topped off. It is case delicate and can be utilized to give object-level security.
• Virtual Hosting: It is a procedure of facilitating numerous spaces or websites on a similar server. This permits the sharing of assets between different servers. It is utilized for an enormous scope where the organization assets are proposed to be gotten to and overseen around the world.
• Web Proxy: An intermediary server sits in the middle of the web customer and web server. Because of the arrangement of web intermediaries, all the solicitations from the customers will be given to the web-server through web intermediaries. They are utilized to forestall IP obstructing and looking after obscurity.

Web Security Issue:

Web servers are picked dependent on their ability to deal with server-side programming, security qualities, distributing, web index, and website building apparatuses. Apache, Microsoft IIS, Nginx, Google, and Tomcat are probably the most generally utilized web servers. Hackers rule targets weakness that exists in the product segment and arrangement blunders to bargain web servers. Associations can guard the most organized level and OS-level assaults by utilizing network safety efforts, for example, firewalls, IDS, IPS, etc, and by adhering to security principles and rules. This powers hackers to direct their concentration toward performing web server and web-application assaults as a web server facilitating web applications are open from anyplace over the web. This makes web servers an appealing objective. An inadequately arranged web server can puncture the most deliberately planned firewall framework. Hackers can misuse an ineffectively arranged web server with realized weaknesses to bargain the security of the web application.

Common Goals behind Server Hacking:

Aggressors perform web server assaults in view of specific objectives. These objectives might be either specialized or non-specialized. For instance, an aggressor may penetrate the security of the web-server and take delicate data for monetary benefits or just for interest. Following are a few objectives behind a web server assault:

• Taking credit/debit cards or other delicate qualifications utilizing phishing methods.
• Incorporating the server in a botnet so as to perform Denial of Service, and so forth
• Trading off an information base,
• Getting shut source applications,
• Stowing away and diverting traffic,
• Raising benefits.

Some attacks are not made to achieve monetary profits, yet for personal reasons:

• For the sake of pure curiosity,
• For the sake of achieving a self-set intellectual challenge,
• To damage the target organization’s reputation.

Why Web Servers are Compromised?

There are intrinsic security risks associated with the web servers, the neighborhood that hosts websites, and the end-users who access these websites using browsers.

• Webmaster’s Concern: From a webmaster’s perspective, the biggest security concern is that the web-server can expose the neighborhood or the corporate intranet to threats the Internet poses. These might be as viruses, Trojans, attackers, or the compromise of data itself. Bugs in software programs are frequently the source of security lapses. Web servers that are huge complex devices also accompany these intrinsic risks. Also, the open engineering of the web servers allows the subjective script to run on the server-side answering to distant requests. Any CGI script installed at the site tangle contains bugs that are potential security risks.
• Network Administrator’s Concern: From a network administrator’s perspective, an inadequately arranged web server poses another likely gap in the nearby network’s security. While the target of a web is to give controlled access to the network, a lot of control can make a web almost impossible to use. In an intranet climate, the network administrator has to be cautious about arranging the web server so that the real users re-perceived and authenticates, and groups of users are assigned distinct access privileges.
• End User’s Concern: Usually, the user does not see any prompt danger, as surfing the web appears both safe and anonymous. Nonetheless, dynamic substance, such as ActiveX controls and Java applets, make it possible for hurtful applications, such as viruses, to attack the user’s system. What’s more, dynamic substance from a website’s browser can be a course for malicious software to bypass the firewall system and pervade the LAN.

Following are some of the methods which contribute towards the compromise of a web server:

• Inappropriate document and catalog permissions,
• Installing the server with default settings,
• Unnecessary services empowered, including content administration and far off administration,
• Security conflicts with the ease-of-use case,
• Absence of legitimate security strategy, procedures, and upkeep,
• Inappropriate validation with outside systems,
• Unnecessary default, reinforcement, or sample files,
• Misconfiguration in web server, OS, and networks,
• Various types of bugs and vulnerabilities in server software, OS, and web applications,
• Misconfigured SSL certificates and encryption settings,
• Administrative or investigating functions that are empowered or accessible on web servers,
• Use of self-signed certificates and default certificates.

Impact of Web Server Attacks:

Attackers can cause various kinds of damages to an association by exploiting a web server. Following are some of the damages hackers can cause to a web server:

• Compromise of user account: Web server attacks are mostly concentrated on compromising user account. If the attacker compromises a user account, then the attacker can gain a lot of useful information. Then, the attacker can use the compromised user account to launch further attacks n the web-server.
• Website defacement: Attackers can completely change the appearance of the website by replacing the original data. They change the website’s look by changing the visuals and displaying different pages with messages of their own.
• Secondary attacks from the website: An attacker who compromises a web server can use the server to launch further attacks on various websites or client systems.
• Root access to other applications or servers: Root access is the highest privilege one gets to log in to a network, be it a dedicated server, semi-dedicated, or virtual private server. Attackers can perform any action once they get root access to the web-server.
• Data tampering: An attacker can alter or delete the data and can even replace the data with malware in order to compromise whoever connects to the web-server.
• Data theft: Data is one of the primary assets of an organization, Attackers can get access to sensitive data such as financial records, future plans, or the source code of a program.